1. INTRODUCTION

The 6G mobile network will consist of heterogeneous nodes, from macro-level devices (satellites) to
autonomous vehicles and intelligent infrastructure sensors [1]. This network heterogeneity and the
significant increase in coverage can reduce the security and privacy of 6G users compared to previous
generations of mobile communications. Potential losses from security incidents can be critical for the
personal information, finances, health, and even the lives of network subscribers if, for example, attacks on
unmanned transport systems are carried out, leading to mass traffic accidents, including fatalities [2]. 6G
security mechanisms will be based on symmetric and asymmetric cryptography in the context of the
development of quantum computing [3]. The development of quantum computing can reduce the
effectiveness of these mechanisms.

One of the promising technologies for increasing quantum resistance in the public key cryptography
model is quantum key distribution [4]. However, due to its high cost, it is still challenging to deploy a
quantum network around the world. Another new method uses quantum-safe hybrid key exchange
mechanisms, based on the principle that a cryptosystem remains secure as long as at least one of its key
exchange methods remains secure [5]. As an example of such an approach, it has been proposed to combine
a classical key exchange method, such as the Diffie-Hellman (DH) scheme, with a quantum-safe key
encapsulation mechanism [6].

The DH method allows a common encryption key (DH key) to be formed over an insecure (public)
communication channel in order to establish a secure connection between two correspondents [7]. This
method is commonly used in network protocols such as secure sockets layer/transport layer security
(SSL/TLS), IP security (IPSec), pretty good privacy (PGP), and other applications. The security of the DH
algorithm must not be compromised, because many network protocols and services depend on DH key
exchange for reliable communication. Therefore, many researchers propose various ways to modify the DH
scheme to make the algorithm more resistant to attacks and more effective for new applications: the internet
of things (IoT), cloud systems, and new-generation cellular communications. The user registration phase,
integrated with DH key exchange and random key generation, is the core of the proposed authenticated key
management scheme (AKMS) [8]. The AKMS scheme guarantees confidentiality when transferring keys
between users by using two keys and encryption. First, the server generates a random key to encrypt the file
before transmission. The user then encrypts the random key using a key generated by the DH key exchange.
The authors of [9] also apply integration with the classical protocol and propose a secure and efficient
routing protocol (RPL) for IoT networks. To secure this new RPL protocol and guarantee authentication and
data integrity, nodes must have a shared secret key computed using the new advanced DH algorithm. We
considered various ways to store data in the cloud for a given time using several cryptographic solutions,
including the DH key distribution protocol [10].

A digital signature on the DH key is one of the directions for solving the key authentication task [11].
The digital signature is verified using the public key distributed in the network by means of a certificate.
This approach is used in the SIGMA protocol [12], the basis of the internet key exchange (IKE) protocol v.2,
and requires a public key infrastructure (PKI). Another approach to authenticating the key distributed by the
DH method is to use binary sequences previously distributed among the users. The users generate these
sequences while pairing their mobile devices in a face-to-face meeting [13]. The eavesdropper is physically
separated from the users and has no access to the sequences exchanged between them. The users cannot
directly use the generated sequences as encryption keys because the sequences contain a certain percentage
of errors (mismatches). This approach is studied in detail in [14]. The peculiarity of the approach is that the
users need to connect their mobile devices to obtain almost identical sequences and then use them efficiently
to establish a key by the DH method. This method is mainly oriented to mobile devices such as
smartphones.

A physically unclonable function (PUF) is a property of a physical (digital) system that cannot be
cloned (reproduced, copied) in another physical system [15]. PUFs owe their unclonability to the fact that
they depend on random variations introduced in the production process that cannot be controlled. Due to
these random parameters, each digital system can be treated as unique and physically unrelated to any other.
PUFs are based on extracting these unique parameters from digital systems. PUFs have gained great
popularity in the last 10-15 years for solving various cybersecurity problems and, primarily, authentication
tasks [16].

In this paper, we consider a method for authenticating a key generated by the DH protocol with the
participation of a trusted authority (TA) and using PUFs. We propose two variants of key distribution
protocols among network users whose devices contain a hardware implementation of a PUF. The TA has a
database of challenge-response pairs for each user's PUF. The main contributions of this work are:

a. We formulate requirements for PUFs suitable for authentication systems.
b. We develop two variants of DH key authentication protocols using arithmetic operations and PUFs.
c. We analyze and evaluate the security of the proposed protocols.

The rest of the paper is organized as follows. The next section briefly describes the standard scheme of
the DH algorithm and analyses the PUF construction principles, their features, and the models used to
formalize their parameters. The third section explains the approach to building DH key authentication
systems based on PUFs and a TA, and presents the developed authentication protocol variants using
arithmetic operations and hash functions. The security analysis and evaluation of the proposed protocols are
presented in the fourth section. The conclusion summarizes the work and points out promising directions for
further research.


2. THE COMPREHENSIVE THEORETICAL BASIS 
2.1. The existing scheme of DH algorithm and its vulnerabilities 

Let us assume that Alice and Bob exchange information over a network using the standard DH key
exchange process [7]. Network users Alice (A) and Bob (B) agree on the parameters p and g, where p is a
prime number and g is an element of the finite field GF(p) that generates a group of large order, and the
following protocol is executed.

a. Alice generates an element of the field x ∈ (1, p − 1), computes X = g^x (mod p), and sends it to Bob.
b. Bob generates an element y ∈ (1, p − 1), computes Y = g^y (mod p), and sends it to Alice.
c. Alice computes the key K_A = Y^x (mod p).
d. Bob computes the key K_B = X^y (mod p).

The keys computed by Alice and Bob are equal: K_A = g^{yx} (mod p) = K_B = g^{xy} (mod p) = K_AB.
Cryptographic protocols based on cryptographic algorithms can provide a high level of security. However,
cryptographic protocols can be compromised by vulnerabilities such as man-in-the-middle (MITM) attacks
in settings of remote user interaction [17]. An overview of MITM attacks targeting the DH protocol is given
in [18]. The eavesdropper Eve can record the messages sent from Alice to Bob and later send a copy of these
messages to Bob, who will assume that they come from Alice. Eve can then send her own messages to Alice,
who will believe that they came from Bob. Many researchers have proposed defenses against this type of
attack. The best-known approaches are digital signatures and message authentication codes [18]. Although
they are convenient for many systems, they still have some weaknesses. This paper aims to distribute keys
between Alice and Bob without their being compromised by Eve. Let us consider the MITM attack in more
detail (Figure 1).

a. User A generates a random number x ∈ [1, p − 1], computes X_A = g^x mod p, and sends the obtained
value to correspondent B.

b. User B generates a random number y ∈ [1, p − 1], computes Y_B = g^y mod p, and sends the obtained
value to correspondent A.

— The eavesdropper E intercepts X_A, saves it in memory, generates a random number e ∈ [1, p − 1], finds
Y_E = g^e mod p, and sends it to user A under the guise of user B.

— The eavesdropper E intercepts Y_B, saves it in memory, generates a random number e' ∈ [1, p − 1],
finds X_E = g^{e'} mod p, and sends it to user B under the guise of user A.

c. User A computes the session key value:

K_A = (Y_E)^x mod p = g^{ex} mod p

— The eavesdropper finds the key for communication with A:

K_E = (X_A)^e mod p = g^{xe} mod p

d. User B computes the session key value:

K_B = (X_E)^y mod p = g^{e'y} mod p

— The eavesdropper finds the key for communication with B:

K_E' = (Y_B)^{e'} mod p = g^{ye'} mod p

It is obvious that K_A = K_E and K_B = K_E'.

Figure 1. MITM attack for the DH algorithm
Thus, the eavesdropper E has formed a common key K_E with user A and a common key K_E' with
user B. If user A sends a message encrypted under the key K_A, the eavesdropper will decrypt this message
under the key K_E and re-encrypt it under the key K_E'. He will then send the ciphertext to user B, who will
decrypt it under the key K_B. At the same time, user A believes that he is working directly with user B, and
user B thinks that he is working directly with user A. The actual exchange between users A and B is
supervised by the eavesdropper E.

Let us highlight that even if the eavesdropper uses the same number e = e' when forming the keys with
users A and B, the keys of A and B will be different, since it is highly likely that x ≠ y. This means that when
a man-in-the-middle attack is carried out, K_E ≠ K_E' and K_A ≠ K_B. This fact will be used when building
the authentication protocols based on PUFs.
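The two relations the argument rests on, K_A = K_E, K_B = K_E' and K_A ≠ K_B even for e = e', can be checked numerically. The Python simulation below is an added illustration, not code from the paper; it uses toy group parameters p = 2039, g = 4 chosen here so that the values stay readable.

```python
"""DH exchange with a man-in-the-middle eavesdropper E (Section 2.1).

Added illustration, not the paper's code.  Toy group parameters are used so
the numbers stay readable; real deployments use 2048-bit or larger groups.
"""
import secrets

P = 2039   # safe prime, P = 2*Q + 1 with Q = 1019 prime (toy size, chosen here)
Q = 1019
G = 4      # a quadratic residue mod P, so G generates the subgroup of order Q


def dh_public(x: int) -> int:
    """X = g^x mod p, the value a party sends over the channel."""
    return pow(G, x, P)


def dh_shared(peer_public: int, x: int) -> int:
    """K = Y^x mod p, computed from the peer's (claimed) public value."""
    return pow(peer_public, x, P)


def random_exponent() -> int:
    """Private exponent in [1, p - 1], as in steps a and b."""
    return 1 + secrets.randbelow(P - 1)


def honest_exchange(x: int, y: int) -> tuple[int, int]:
    """Alice (x) and Bob (y) talk directly: returns (K_A, K_B), which are equal."""
    X, Y = dh_public(x), dh_public(y)
    return dh_shared(Y, x), dh_shared(X, y)


def mitm_exchange(x: int, y: int, e: int, e_prime: int) -> dict[str, int]:
    """E intercepts X_A and Y_B and substitutes its own values Y_E and X_E.

    Returns K_A = g^{ex}, K_E = g^{xe} (E's key with A),
            K_B = g^{e'y}, K_E' = g^{ye'} (E's key with B).
    """
    X_A = dh_public(x)         # sent by A, intercepted by E
    Y_B = dh_public(y)         # sent by B, intercepted by E
    Y_E = dh_public(e)         # delivered to A under the guise of B
    X_E = dh_public(e_prime)   # delivered to B under the guise of A
    return {
        "K_A": dh_shared(Y_E, x),
        "K_E": dh_shared(X_A, e),
        "K_B": dh_shared(X_E, y),
        "K_E'": dh_shared(Y_B, e_prime),
    }


def mitm_splits_the_keys(keys: dict[str, int]) -> bool:
    """True when E shares a key with each user but A's and B's keys differ:
    exactly the condition the PUF-based check of Section 3 is built to detect."""
    return (keys["K_A"] == keys["K_E"]
            and keys["K_B"] == keys["K_E'"]
            and keys["K_A"] != keys["K_B"])


if __name__ == "__main__":
    x, y = random_exponent(), random_exponent()
    print("honest exchange, keys equal:", honest_exchange(x, y))
    e = random_exponent()           # the same e = e' on both sides, as in the text
    keys = mitm_exchange(x, y, e, e)
    print("under MITM:", keys, "-> A and B hold different keys:",
          mitm_splits_the_keys(keys))
```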


2.2. The principles of PUF building and features 

A PUF can be described by pairs of input parameters (signals) and the corresponding output parameters:
R = f(C), where the input signals C = c_1, c_2, ..., c_n are called challenges and the output signals
R = r_1, r_2, ..., r_n are called answers (responses) [19]. A pair consisting of an input physical parameter
(challenge) and an output parameter (response) is called a challenge-response pair (CRP). A PUF must
satisfy the following requirements [19]:

a. The response signal R can be extracted repeatedly and reliably by measurement for a challenge C.

b. The number of possible challenges C_i must be so large that all the corresponding responses R_i cannot
be obtained by exhaustive enumeration within observable time.

c. Since the response to a given challenge is determined by an extremely large amount of data in the
physical system, it must be computationally impossible to calculate, simulate, or find in any other way a
CRP (C, R) from knowledge of another pair (C', R') or of some number of such pairs.

d. Cloning of a given physical system by another physical system described by the same set of CRPs, or its
physical reproduction, must be extremely difficult.

At present, many PUF types have been suggested: optical PUFs, coating PUFs, arbiter PUFs,
ring-oscillator PUFs, SRAM-based PUFs, butterfly-type PUFs (latch, multivibrator oscillator), failure-based
PUFs, and combined PUFs. The production of all PUFs is characterized by technological variations that
affect the output parameters of the system. Due to this, these parameters vary from device to device while
the functionality of the devices and their internal topology remain identical. The number of technological
variations, such as p-n junctions or impurities in the substrate, determines the number of possible PUFs.

Our research object is an authentication system. For such a system, such properties as robustness, 
unclonability, and unpredictability are important. 

Let us introduce the following notation:

{C} - the set of challenges at the PUF input;
{R} - the set of responses at the PUF output;
{C, R}_s - the set of CRPs of the s-th PUF;
{F} - the set of PUFs for a selected production technology with specified mappings R = f(C);
{F_ij} - the sub-set of PUFs for a specified pair (C_i, R_j);
|A| - the potency (cardinality) of an arbitrary set A.

Robustness can be defined as the PUF's ability to maintain its properties, in particular the uniqueness
of the mapping C → R, under changing operating conditions (temperature, humidity, and supply voltage).
Additional measures, for example error-correcting codes, are used to increase resistance to destabilizing
factors; in this case one speaks of a PUF system [15]. Unclonability. The notion of unclonability is discussed
in [20] in two forms:

— existential unclonability, understood as the impossibility for the eavesdropper to create two PUFs with
the same properties;
— selective unclonability.

In the second case, creating a new PUF that is a clone of the original PUF is impossible even if the
eavesdropper has access to the original PUF. At the same time, some restrictions are assumed: for example,
the time of access to the PUF is limited, and the eavesdropper cannot physically affect the PUF and remain
undetected. The eavesdropper may use side channels. In our further study, we will not discuss robustness
and unclonability, assuming that they are satisfied.

The unpredictability of a PUF can be defined in a narrow and in a broad sense. Unpredictability in the
narrow sense is defined for a separate PUF as follows. For any random equiprobable choice of a challenge,
the probability of occurrence of the response R_i is close to 1/|R|. If there is some sub-set of responses
{R'} ⊂ {R} that is used in some PUF application, then the probability of the attacker's success in guessing
any response from {R'} amounts to |R'|/|R|. If the condition |R'| ≪ |R| is satisfied, then the probability of
guessing the response to a random challenge is negligible.

In the broad sense, unpredictability is defined as the impossibility of two different PUFs forming the
same responses. As is known, the number of mappings of the type X^k → Y^k, where X, Y ∈ {0, 1} and k is
the dimension of the boolean functions, amounts to (2^{2^k})^k. It follows that even with moderate k, the
probability of occurrence of two identical mappings is negligible. However, such an idealization of PUFs is
not confirmed by practice. Maiti et al. [21] note that for any physical system the number of its states depends
polynomially on its linear dimensions. Therefore, this estimate of the number of PUFs cannot be achieved in
practice. Hence, it is necessary to assume that the number of PUFs depends polynomially on the potency of
the set of responses, |F| = Poly(|R|). This implies the possible existence of sub-sets {F_ij} that share the
same CRP in some quantity.

In this regard, estimating the potency of such sub-sets and the number of CRPs coinciding with 
them is necessary. To model the relationship of the CRP of different PUFs, let us apply the class of strictly 
universal hash functions suggested by Carter and Wegman [22]. 


Definition. A class of strictly universal hash functions is a set of mappings H: X → Y such that:

a. for any x ∈ X, y ∈ Y: #{h ∈ H: y = h(x)} = |H| / |Y|, where |H| is the total number of hash functions h,
|Y| is the total number of hash codes, and #{...} is the number of hash functions satisfying the condition
given in the curly brackets;

b. for any x_1, x_2 ∈ X, x_1 ≠ x_2, and y_1, y_2 ∈ Y:

#{h ∈ H: h(x_1) = y_1, h(x_2) = y_2} = |H| / |Y|^2.
Concerning PUFs, let us introduce the notion of a PUF class, by which we understand a set of PUFs
made according to the same technology and having fixed parameters of the challenge and response signals.
Then, from condition a), it follows that for any CRP:

|F_ij: C_i → R_j| = |F| / |R| (1)

Condition b) for PUFs means that the number of PUFs for which (C_i → R_r, C_j → R_s), C_i ≠ C_j, is
determined by the potency of the intersection of the sub-sets F' = F_ir ∩ F_js and is inversely proportional
to the square of the potency of the response set |R|:

|F'| = |F| / |R|^2 (2)

In particular, when the PUF response signal R is a binary sequence of length k symbols, the number of
possible responses equals the number of all binary combinations of length k, i.e. |R| = 2^k, and from (1) and
(2) it follows that:

|F_ij: C_i → R_j| = |F| / 2^k,

|F'| = |F| / (2^k)^2.


From (1) and (2), it is obvious that if |F'| = 1, then the number of PUFs is |F| = |R|^2, which means it
depends polynomially (by a second-degree polynomial) on |R|. The polynomial dependence of the number
of PUFs gives grounds to assume that, on the one hand, the proposed model does not contradict practice. On
the other hand, as shown below, it is sufficient to ensure the security of an authentication system using
PUFs. Thus, we assume that PUFs with the following characteristics are used to solve authentication tasks:

— the number of digits k of the binary representation of the response (the PUF dimension) depends linearly
on its physical size;
— the number of pairs (CRPs) depends exponentially on the PUF dimension, |R| = 2^k;
— the number of PUFs depends polynomially on the response potency, |F| = Poly(|R|) = |R|^2.
3. METHOD
3.1. DH authentication protocol using a TA and PUFs

Let us consider the general scheme of authentication of a key generated by users A and B in the
presence of a TA under the conditions of attacks by an active eavesdropper E (Figure 2). The users
communicate with the TA, where they are preliminarily authenticated using protocols that apply certificates,
for example SSL/TLS or IPSec [23]. The users have PUF blocks integrated into their devices. The users' task
is to generate the key K_AB = K_A = K_B according to the DH method. For this, the users have a two-way
communication channel between themselves. The key is authenticated via the TA based on the PUFs. The
eavesdropper E has the opportunity to control both the communication channel between users A and B and
the channels between the users and the TA, and to carry out active attacks there.

A database is created that records a sub-set {(C_i, R_j)_s} of randomly selected CRPs for each PUF.
The number of such pairs for one device is |{(C_i, R_j)_s}| ≪ 2^k. The meaning of this restriction is that if
the eavesdropper "probes" the device implementing the PUF by sending random challenges to it, then the
probability of choosing a challenge from the subset {(C_i, R_j)_s} will be negligible. The CRPs (C, R)_s for
each PUF are computed in some number at the plant during PUF production and recorded in the TA
database, which is stored in encrypted form.


[Figure 2 (diagram): the Trusted Authority TA holds the database (C, R) of the PUFs of all users; users
Alice and Bob exchange DH values over a channel observed by the eavesdropper Eve, and each user's PUF
returns its response R_A or R_B to the TA's challenge.]

Figure 2. Keys authentication using TA and PUFs


The principle of DH key authentication by legitimate users is the proof that the keys K_A and K_B
generated by the users are the same. Recall that when the eavesdropper carries out a man-in-the-middle
attack, he generates two keys, K_E and K_E', and with high probability K_E ≠ K_E'. To confirm that the
users generated the same keys, the TA sends challenges to the users, and they send responses S_A and S_B,
generated using their PUFs, to the TA. If the information contained in the responses confirms that the keys
are the same, then the DH key is authenticated as genuine. If not, the key is not authenticated. Therefore, the
task of the eavesdropper is to generate and transfer false responses S'_A and S'_B to the TA that persuade
the TA that the keys K_E and K_E' coincide.


3.2. DH-keys authentication protocol using a TA and PUFs (option 1)

Let us consider a key authentication protocol based on this principle. After the users generate the DH
key K_AB = K_A = K_B, one or both users send a request to the TA to execute the authentication protocol
for the key they generated. The key authentication protocol includes the following steps (Figure 3):

a. The TA sends challenges C_A, C_B from the list of challenges it holds to users A and B.

b. User A computes the value of his PUF for this challenge, R_A = f_A(C_A). User B computes the similar
value of his PUF, R_B = f_B(C_B).

We record the response R_A in the form of a concatenation of three parts, R_A = R_A1 || R_A2 || R_A3,
where each part may be presented as a number, an element of a Galois field: R_Ai ∈ GF(N). Similarly, the
response R_B is recorded in the form R_B = R_B1 || R_B2 || R_B3, where R_Bi ∈ GF(N), i = 1, 2, 3 (N is a
prime number).

c. User A generates a response to the TA in the form S_A = [R_A1 ⊕ h(K_A)] × R_A2 mod N, where
h(K_A) is the hash function of the key generated by the user (h(K_A) ∈ GF(N)), and sends it to the TA.
User B similarly generates and sends the response to the TA in the form S_B = [R_B1 ⊕ h(K_B)] × R_B2
mod N, where the signs "⊕" and "×" correspond to addition and multiplication in the field GF(N).

d. Having received S_A and S_B, the TA carries out the conversions:

S_A × R'_A2^{-1} mod N = R_A1 ⊕ h(K_A), S_B × R'_B2^{-1} mod N = R_B1 ⊕ h(K_B),

where R'_A2^{-1}, R'_B2^{-1} are the inverse elements of R'_A2, R'_B2 modulo N, and then computes

R_A1 ⊕ h(K_A) ⊕ R_B1 ⊕ h(K_B) = R_A1 ⊕ R_B1

(the terms h(K_A) and h(K_B) cancel exactly when the keys coincide). The obtained value is compared to
R'_A1 ⊕ R'_B1. Here R'_A1, R'_B1, R'_A2, and R'_B2 are the reference responses of the PUFs of devices A
and B, which are stored in the database of the TA. If

R_A1 ⊕ R_B1 = R'_A1 ⊕ R'_B1, (3)

the TA verifies that the keys of A and B coincide, which means there was no man-in-the-middle attack.

e. The TA notifies users A and B that the keys coincide and authentication is done. For this, it sends the
messages R'_A3 and R'_B3 to users A and B, respectively.

f. User A, having received R'_A3, verifies the equality R'_A3 = R_A3. User B, having received R'_B3,
verifies the equality R'_B3 = R_B3. If the equalities hold, the users are sure that they have generated the
same keys. When equality (3) does not hold, the centre informs the users by sending the inverse values of
R'_A3 and R'_B3. After the authentication procedure, the TA deletes the used pair (C_i, R_i) from its
database.

In this protocol, the most complex operation for the users is multiplication in the finite field by the
masking multiplier R_A2 (R_B2). In the TA, it is finding the inverse of an element modulo N. We also
assume that the hash function h(K) used by users A and B satisfies the cryptographic requirements of
collision resistance and one-wayness [24]. The PUF responses f_A(C) and f_B(C) are computed
automatically by the integrated devices. In this protocol, unlike the popular Needham-Schroeder
authenticated key distribution protocol [25], the TA is used only for authenticating the keys generated by the
users; it does not participate in their generation and hence cannot access them.


[Figure 3 (diagram): user A (K_A), the TA (holding C_A, R'_A, C_B, R'_B) and user B (K_B).
1. The TA sends C_A and C_B. 2. PUF_A: R_A = f(C_A) = R_A1 || R_A2 || R_A3; PUF_B:
R_B = f(C_B) = R_B1 || R_B2 || R_B3. 3. S_A = [R_A1 ⊕ h(K_A)] × R_A2 mod N;
S_B = [R_B1 ⊕ h(K_B)] × R_B2 mod N. 4. The TA calculates S_A × R'_A2^{-1} mod N = R_A1 ⊕ h(K_A),
S_B × R'_B2^{-1} mod N = R_B1 ⊕ h(K_B), R_A1 ⊕ h(K_A) ⊕ R_B1 ⊕ h(K_B) = R_A1 ⊕ R_B1, and
compares: R_A1 ⊕ R_B1 = R'_A1 ⊕ R'_B1? 5. The TA sends R'_A3 and R'_B3. 6. The users compare:
R'_A3 = R_A3? R'_B3 = R_B3?]

Figure 3. Authentication protocol chart with the TA based on PUF (option 1)
3.3. Key authentication protocol using the TA and PUFs without the use of arithmetic operations
(option 2)

This protocol option does not require the users to multiply large numbers, nor the TA to search for an
inverse element modulo N. Let us consider this protocol, starting with the DH key authentication procedure.

a. The TA sends challenges C_A and C_B to users A and B.

b. User A finds the response of PUF_A, R_A = f_A(C_A); user B similarly computes and finds the response
of PUF_B, R_B = f_B(C_B). Let us present the responses R_A and R_B in the form of a concatenation of two
parts, R_A = R_A1 || R_A2 and R_B = R_B1 || R_B2, respectively.

c. Users A and B generate the responses:

S_A = h(K_A) || h(R_A1 || h(K_A)), S_B = h(K_B) || h(R_B1 || h(K_B)),

where h(.) is a hash function.

d. Having received S_A and S_B, the TA verifies the equality of the first parts of the responses,
h(K_A) = h(K_B). If the equality is true, then the hash value h(R'_A1 || h(K_A)) is computed (the parameter
R'_A1 is taken by the TA from its database), which is compared to the value h(R_A1 || h(K_A)) received
from user A in the second part of the response. Similarly, having received S_B, the TA finds
h(R'_B1 || h(K_B)) and compares it to h(R_B1 || h(K_B)) received from user B. If the comparisons are true,
then users A and B have generated the same keys; hence, the authentication is successful.

e. The TA notifies users A and B that the keys are authenticated. For this, it sends the messages R'_A2 and
R'_B2 to users A and B, respectively. If the comparisons are not fulfilled, the TA may notify the users by
sending the inverse values of R'_A2 and R'_B2.

f. User A, having received R'_A2, verifies the equality R'_A2 = R_A2. User B, having received R'_B2,
performs the similar comparison R'_B2 = R_B2. If the equalities hold, the users are sure that they have
generated the same keys.

The protocol work chart is presented in Figure 4. Let us highlight that in this protocol option, the length
of the users' responses |S_A| (|S_B|) may be decreased if |h(K_A)| < |K_A| and |h(R_A(B)1)| < |R_A(B)1|
are chosen.


[Figure 4 (diagram): user A, the TA and user B. 1. The TA sends C_A and C_B. 2. PUF_A:
R_A = f(C_A) = R_A1 || R_A2; PUF_B: R_B = f(C_B) = R_B1 || R_B2. 3. S_A = h(K_A) || h(R_A1 || h(K_A));
S_B = h(K_B) || h(R_B1 || h(K_B)). 4. The TA compares h(K_A) = h(K_B)?, calculates h(R'_A1 || h(K_A))
and h(R'_B1 || h(K_B)), and compares h(R'_A1 || h(K_A)) = h(R_A1 || h(K_A))? and
h(R'_B1 || h(K_B)) = h(R_B1 || h(K_B))? 5. The TA sends R'_A2 and R'_B2. 6. The users compare:
R'_A2 = R_A2? R'_B2 = R_B2?]

Figure 4. Chart of the authentication protocol with the TA based on PUF (option 2)
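As an added example covering both option 1 (Section 3.2) and option 2 (Section 3.3), the following Python simulation runs steps a-f with a constructed stand-in PUF (a keyed hash) and a TA database; it is not the paper's code. Assumptions made here: h is SHA-256, the field of option 1 is GF(N) with the Mersenne prime N = 2^61 − 1, the paper's ⊕ is implemented as bitwise XOR on 60-bit values so that h(K) cancels in the TA's check as written, and a failed check returns the bit-inverted values to the users.

```python
"""Key authentication with a trusted authority (TA) and PUFs (options 1 and 2).

Added simulation, not the paper's code.  The DH keys K_A and K_B are inputs:
equal after an honest exchange, different after E's MITM attack (Section 2.1).
"""
import hashlib
import hmac
import os

N = (1 << 61) - 1       # Mersenne prime chosen here as the field modulus of option 1
MASK60 = (1 << 60) - 1  # field elements stay below 2^60 < N, so XOR never leaves GF(N)


def h(data: bytes) -> bytes:
    """Hash function h(.) of both options (SHA-256 chosen here)."""
    return hashlib.sha256(data).digest()

def make_puf(device_secret: bytes):
    """Constructed stand-in for a hardware PUF f(C): a keyed hash gives an
    unpredictable, device-specific CRP mapping with k = 256-bit responses.
    A real PUF derives this from manufacturing variation and stores no key."""
    return lambda C: hmac.new(device_secret, C, "sha256").digest()

class TrustedAuthority:
    """Holds the CRP sub-set recorded for each user's PUF at the plant."""

    def __init__(self) -> None:
        self.db: dict[str, list[tuple[bytes, bytes]]] = {}

    def enroll(self, user: str, puf, n_pairs: int = 4) -> None:
        challenges = [os.urandom(16) for _ in range(n_pairs)]
        self.db[user] = [(c, puf(c)) for c in challenges]

    def challenge(self, user: str) -> bytes:
        return self.db[user][-1][0]    # step a: C sent to the user

    def consume(self, user: str) -> bytes:
        return self.db[user].pop()[1]  # reference R'; the used CRP is deleted

def fe(b: bytes) -> int:
    """Bytes -> element of GF(N), masked to 60 bits."""
    return int.from_bytes(b, "big") & MASK60

def split3(r: bytes) -> tuple[int, int, int]:
    """R = R1 || R2 || R3 with 8-byte parts taken as field elements."""
    return fe(r[0:8]), fe(r[8:16]), fe(r[16:24])

# option 1: S = [R1 (+) h(K)] x R2 mod N, with (+) implemented as bitwise XOR
def user_response_opt1(puf, C: bytes, K: bytes) -> tuple[int, int]:
    R1, R2, R3 = split3(puf(C))
    return ((R1 ^ fe(h(K))) * R2) % N, R3    # R3 is kept for step f

def ta_verify_opt1(ta: TrustedAuthority, S_A: int, S_B: int) -> tuple[bool, int, int]:
    RA1, RA2, RA3 = split3(ta.consume("A"))
    RB1, RB2, RB3 = split3(ta.consume("B"))
    U_A = (S_A * pow(RA2, -1, N)) % N        # = R_A1 xor h(K_A)
    U_B = (S_B * pow(RB2, -1, N)) % N        # = R_B1 xor h(K_B)
    ok = (U_A ^ U_B) == (RA1 ^ RB1)          # equality (3): h(K) cancels iff K_A == K_B
    # step e: R'3 parts on success, their bitwise inverses on failure
    return ok, (RA3 if ok else RA3 ^ MASK60), (RB3 if ok else RB3 ^ MASK60)

# option 2: S = h(K) || h(R1 || h(K)), no field arithmetic
def user_response_opt2(puf, C: bytes, K: bytes) -> tuple[bytes, bytes]:
    R, hK = puf(C), h(K)
    return hK + h(R[:16] + hK), R[16:]       # R2 is kept for step f

def ta_verify_opt2(ta: TrustedAuthority, S_A: bytes, S_B: bytes) -> tuple[bool, bytes, bytes]:
    RA, RB = ta.consume("A"), ta.consume("B")
    hK_A, tag_A, hK_B, tag_B = S_A[:32], S_A[32:], S_B[:32], S_B[32:]
    ok = (hmac.compare_digest(hK_A, hK_B)                    # first parts equal?
          and hmac.compare_digest(tag_A, h(RA[:16] + hK_A))  # recomputed from R'_A1
          and hmac.compare_digest(tag_B, h(RB[:16] + hK_B)))  # recomputed from R'_B1
    inv = (lambda r: r) if ok else (lambda r: bytes(b ^ 0xFF for b in r))
    return ok, inv(RA[16:]), inv(RB[16:])    # step e: R'2 parts, inverted on failure

def authenticate(option: int, K_A: bytes, K_B: bytes) -> bool:
    """Steps a-f of the chosen option; True iff the TA confirms and each user
    finds the TA's message equal to the kept part of its own PUF response."""
    puf_A, puf_B = make_puf(b"device-A-secret"), make_puf(b"device-B-secret")  # constructed
    ta = TrustedAuthority()
    ta.enroll("A", puf_A)
    ta.enroll("B", puf_B)
    C_A, C_B = ta.challenge("A"), ta.challenge("B")
    respond = user_response_opt1 if option == 1 else user_response_opt2
    verify = ta_verify_opt1 if option == 1 else ta_verify_opt2
    S_A, own_A = respond(puf_A, C_A, K_A)
    S_B, own_B = respond(puf_B, C_B, K_B)
    ok, msg_A, msg_B = verify(ta, S_A, S_B)
    return ok and msg_A == own_A and msg_B == own_B

if __name__ == "__main__":
    for opt in (1, 2):
        print(f"option {opt}: same key ->", authenticate(opt, b"K_AB", b"K_AB"),
              "| MITM keys ->", authenticate(opt, b"K_E", b"K_E'"))
```

With equal keys both options return True; with the two different keys E holds after a MITM attack, the TA's check fails and the users receive the inverted values, so both sides reject.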
4. RESULTS AND DISCUSSION

Let us analyze the second option of the DH key authentication protocol, the one without arithmetic
calculations. To do this, we will present and prove several lemmas.

Lemma 1. Eavesdropping on the information exchange channels (IEC) between the users and on the IEC
between the subscribers and the TA is uninformative for the eavesdropper.

Proof: The eavesdropper does not obtain any information by inspecting the communication channel
between the users, since the users do not exchange any data except the DH values. The eavesdropper
monitors the exchange of messages in the channels between the users and the TA. He intercepts the
challenges C_A, C_B from the TA, then the answers S_A and S_B to these challenges, and the second parts
of the responses R_A2, R_B2 (or their inversions) sent to the users.

The answers to the challenges, S_A = h(K_A) || h(R_A1 || h(K_A)) and S_B = h(K_B) || h(R_B1 || h(K_B)),
contain the hash code of the key and the hash code of the first part of the PUF response. If the hash function
is chosen correctly, for example according to SHA-3 [24], recovering the key K_A from its hash code h(K_A)
is computationally infeasible. Based on monitoring the challenges and the information in the responses, the
eavesdropper could set himself the task of building a challenge-response table {C_i → R_j} for the PUF of
the user in order to carry out an active attack later. However, the opportunities for such an attack are limited.
In fact, the challenges transferred to the user are known to the eavesdropper and are random numbers. In
response to a challenge, the eavesdropper gains access to the first part of the PUF response only as the hash
code h(R_A1 || h(K_A)), and if the hash function is built correctly, the pre-image cannot be recovered. The
second part of the PUF response, R_A2, becomes known to the eavesdropper after completion of the
authentication procedure. Since the challenge and response are one-time and are deleted from the database
of the TA after their use, this information becomes useless. This proves the lemma.

Lemma 2. The suggested protocol reliably detects a MITM attack.

Proof: Let us assume that while the protocol for distributing a common key between users A and B is
run, the eavesdropper managed to carry out a MITM attack, as a result of which he generated the key
K_E = K_A with user A and the key K_E' = K_B with user B, where K_E ≠ K_E'. The further task of the
eavesdropper is to convince the TA that the keys K_E and K_E' coincide.

Suppose also that the eavesdropper intercepted the messages S_A = h(K_E) || h(R_A1 || h(K_E)) and
S_B = h(K_E') || h(R_B1 || h(K_E')) which the users sent to the TA. To "prove" that the keys coincide, the
eavesdropper may forward the message S_A = h(K_E) || h(R_A1 || h(K_E)) to the TA, and instead of the
message S_B he must generate the message S'_B = h(K_E) || h(R_B1 || h(K_E)). The first parts of the
messages S_A and S'_B coincide, so the first verification in the TA is passed successfully. For the successful
verification of the second part, it is necessary that the equality h(R'_B1 || h(K_E)) = h(R_B1 || h(K_E)) is
true. The sequence R_B1 is not known to the eavesdropper. Considering that R_B1 is a random sequence of
length k/2, the only option for the eavesdropper is to guess such a sequence. By choosing k large enough,
the likelihood of such an attack is made negligible.

Another attack of the eavesdropper may be the transfer of false messages about the completion of
authentication, R_A2 and R_B2, to both users (although authentication was not completed). The sequences
R_A2 and R_B2 are binary random sequences, each of length k/2 bits. The probability of guessing them is
also negligible. The properties of the PUF can give rise to another vulnerability of the authentication
protocol. The attack described above, which creates the false message S'_B = h(K_E) || h(R_B1 || h(K_E)),
may succeed if it happens that the responses of PUF_A and PUF_B to the challenges C_A and C_B coincide,
i.e. R_B = R_A.


Let us estimate the probability of this event. Suppose that |F_i| is the number of PUFs for which
C_A → R_A. According to property a) of strictly universal hash functions, |F_i| = |F| / |R|. The
eavesdropper's attack will be successful if for PUF_B the mapping C_B → R_A is true. According to
property b) of strictly universal hash functions, the number of hash functions for which
(C_A → R_A, C_B → R_A) equals |F'| = |F| / |R|^2. Then the probability that PUF_B generates the same
response as PUF_A equals the ratio of these two numbers. Considering that the PUF response is a binary
sequence of length k, |R| = 2^k. By choosing a large enough k, we can make the probability of a successful
attack negligible. The lemma is proved.
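The probability referred to in the proof, carried through with the paper's own notation from (1) and (2)
(added here; it is not the paper's equation):

P = |F'| / |F_i| = (|F| / |R|^2) / (|F| / |R|) = 1 / |R| = 2^{-k},

so the chance that PUF_B answers C_B with the same response that PUF_A gave to C_A falls exponentially
in the response length k.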

Lemma 3. By sending random challenges to the device and thus "probing" it, an active attacker can
select a challenge from the sub-set of CRPs stored in the DB of the TA only with negligible probability.

Proof: Suppose the eavesdropper can "probe" the user's device by sending random challenges to it in
order to select a CRP that is included in the sub-set of CRPs from the DB. Then, having found such a pair,
the eavesdropper could act as the TA, send the challenge to the user, receive the correct response, and
confirm authentication. If the potency of the sub-set of challenge-response pairs stored in the DB for one
device is |{(C_i, R_j)_s}| ≪ 2^k, then the probability of choosing the desired challenge from the pairs sub-set
is negligible. In practice, the probability of successful probing can be reduced further by restricting the
generation of responses by the user's device after a certain number of challenges has been received, as is
done in password systems. The lemma is proved.
Combining the proven lemmas, we formulate a theorem. 

Theorem. The key authentication protocol using the TA and PUFs is secure. 

Proof: Based on Lemma 1, it can be stated that any communication between the protocol 
participants is secure, and the eavesdropper does not receive information on the key. Lemma 2 ensures 
that if the eavesdropper broadcasts the intercepted response of user A and generates the response of 
user B himself using a randomly selected PUF response, he will not be able to 
impersonate the legal user. According to Lemma 3, the eavesdropper cannot select a challenge from the 
subset of CRPs by sending random challenges to the user. As a result, it can be concluded that legal users can 
safely authenticate their keys using the proposed protocol. 

Comment. Similarly, the security theorem for the first option of the protocol may be proved. 
Lemmas 1 and 3 may be used without changes or additions. In Lemma 2, it is necessary to show that the 
key substitution attack will not succeed if the eavesdropper broadcasts the response of 
user A, $S_A = [R_{A1} \oplus h(K_B)] \times R_{A2} \bmod N$, and generates the response of user B in the form 
$S'_B = [R_{B1} \oplus h(K_B)] \times R_{B2} \bmod N$. It is possible that the eavesdropper guesses part of the response of 
$PUF_B$, namely $R_{B2}$. Considering that $R_{B2} \in GF(N)$ and choosing a large enough $N$, the probability of such an attack 
will be negligible. On the other hand, the attack can be successful if the responses of $PUF_A$ and $PUF_B$ 
coincide. As shown in the proof of Lemma 2, the probability of this event equals $P_A = |F'|/|F_1| = 1/|R|$. 


Let us consider an example of selecting PUF parameters. Suppose the DB of the TA contains 
100,000 CRPs for each User ($|F_1| = 100000$); then, if the length $k$ of the bit sequence in the challenge and 
response equals 128 bits, the amount of DB memory for one device will be $128 \cdot 2 \cdot 100000$ bit = 32 
Mbit. Then the capacity of the DB storing information about 1 thousand devices will be 32 Gbyte. 
The probability of randomly selecting a pair of numbers stored in the DB during PUF probing is $P_{prob} = 
10^5/2^{128} = 10^{-33}$. With a polynomial dependence of the number of PUFs on the number of responses (for a second- 
degree polynomial), it is possible to implement $(2^{128})^2 \approx 10^{77}$ PUFs. We see that the proportion of the used 
CRPs is negligible compared to their total number. The share of the used PUFs is also negligible compared to their 
total number, even when the number of PUFs is approximated by the polynomial. The proposed authentication 
protocol can therefore be implemented in practice. 


5. CONCLUSION 

The paper solves the task of authenticating keys distributed by the DH method among network users, 
each with a built-in block with a PUF in his device. The keys are authenticated by a TA with a database of 
challenge-response value pairs for each user's PUF. We briefly describe PUF features and emphasize the need 
to formalize PUF features. It is proposed to use the class of strictly universal hash functions developed by 
Wegman and Carter. A polynomial dependence of the possible number of PUFs on the number of responses has 
been proven. Requirements for PUFs suitable for authentication systems are formulated. 

We proposed two options for DH key authentication protocols based on the submission of 
challenges to users by a trusted centre and the generation of responses to these challenges by the users using the 
PUF. The trusted centre makes the authentication decision based on the coincidence (equality) criterion of the 
keys received from a pair of users. The security of this protocol is proved here. The article also contains an 
example of evaluating the capacity of the TA database for storing CRPs of users' PUFs, demonstrating the 
possibility of practical implementation of the method. We plan to continue this work in the 
following directions: verification of the formal model of the PUF structure and its description in the framework 
of the extended class of $\varepsilon$-almost universal hash functions; optimization of the DH key authentication protocol 
parameters; development of PUF-based authentication protocols without a challenge-response database for each 
PUF in the TA. 